
CVE-2025-59810: Information disclosure in Fortinet FortiSOAR on-premise

Severity: Medium
Type: Vulnerability
CVE: CVE-2025-59810
Tags: cve, cve-2025-59810
Published: Tue Dec 09 2025 (12/09/2025, 17:19:06 UTC)
Source: CVE Database V5
Vendor/Project: Fortinet
Product: FortiSOAR on-premise

Description

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, and FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests.
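As an added example (not part of the advisory and not Fortinet tooling), the following Python code triages an inventory of FortiSOAR version strings against the affected ranges listed in the description above. The host names and version strings are constructed sample data, and the `major.minor.patch[-build]` string format is an assumption; releases outside the listed ranges are reported as "not-listed" because the page does not name fixed versions.

```python
import re

# Affected ranges copied from the CVE description: branch -> (first, last) patch.
# None means "all versions" of that branch. The description gives the same
# ranges for the PaaS and on-premise editions.
AFFECTED = {
    (7, 6): (0, 2),
    (7, 5): (0, 1),
    (7, 4): None,
    (7, 3): None,
}

# Assumed format: major.minor[.patch] with an optional build suffix.
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-. ].*)?$")

def parse_version(text):
    """Return (major, minor, patch) or None; patch is None when absent."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)

def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    major, minor, patch = parsed
    if (major, minor) not in AFFECTED:
        return "not-listed"
    bounds = AFFECTED[(major, minor)]
    if bounds is None:
        return "affected"          # whole branch is listed
    if patch is None:
        return "unknown"           # branch only partly listed; patch level needed
    first, last = bounds
    return "affected" if first <= patch <= last else "not-listed"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed inventory (hypothetical hosts and versions).
INVENTORY = {
    "soar-prod-01": "7.6.2",
    "soar-dr-01": "7.6.3",
    "soar-lab-01": "7.4.5-build1234",
    "soar-test-01": "7.5",
    "soar-old-01": "7.2.2",
    "soar-new-01": "n/a",
}
```

Hosts reported as "unknown" need their exact patch level confirmed by hand before they are ruled in or out.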

AI-Powered Analysis

Last updated: 12/09/2025, 17:51:35 UTC

Technical Analysis

CVE-2025-59810 is an improper access control vulnerability identified in Fortinet FortiSOAR, a security orchestration, automation, and response (SOAR) platform widely used for incident management and security operations. The vulnerability affects both on-premise and PaaS versions from 7.3.0 through 7.6.2. It allows an authenticated attacker with low privileges to craft specific requests that bypass intended access restrictions, resulting in unauthorized disclosure of sensitive information. The flaw does not require user interaction and has a low attack complexity, making it feasible for insiders or compromised accounts to exploit. The vulnerability impacts confidentiality but does not affect integrity or availability of the system. FortiSOAR’s role in aggregating and automating security data means that leaked information could include sensitive incident data, credentials, or configuration details, potentially aiding further attacks. Although no public exploits are reported yet, the medium CVSS score (6.2) and ease of exploitation warrant timely mitigation. The vulnerability was reserved in September 2025 and published in December 2025, indicating recent discovery. Fortinet has not yet provided patch links, so organizations must monitor vendor advisories closely. The vulnerability’s scope covers multiple major FortiSOAR versions, indicating a broad impact across deployments.

Potential Impact

For European organizations, the impact of CVE-2025-59810 can be significant due to FortiSOAR’s role in centralizing security operations and sensitive incident data. Unauthorized information disclosure could expose internal security workflows, incident response plans, or sensitive credentials, increasing the risk of follow-on attacks such as lateral movement or privilege escalation. Organizations in critical infrastructure sectors (energy, finance, healthcare) that rely on FortiSOAR for automated security orchestration may face increased risk of targeted attacks exploiting leaked information. The medium severity reflects that while system availability and integrity are not directly impacted, confidentiality breaches can undermine trust and compliance with data protection regulations such as GDPR. Additionally, attackers with authenticated access—potentially insiders or compromised accounts—can exploit this vulnerability without user interaction, increasing the threat surface. The lack of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation. European entities with extensive Fortinet deployments should consider this vulnerability a priority for risk assessment and mitigation.

Mitigation Recommendations

1. Implement strict role-based access controls (RBAC) in FortiSOAR to limit user privileges to the minimum necessary, reducing the risk that an attacker can exploit this vulnerability.
2. Monitor and audit API and system logs for unusual or unauthorized request patterns that could indicate attempts to exploit access control weaknesses.
3. Apply vendor patches immediately once Fortinet releases them; maintain close communication with Fortinet support channels for updates.
4. Conduct internal security reviews and penetration tests focusing on access control mechanisms within FortiSOAR deployments.
5. Enforce multi-factor authentication (MFA) for all FortiSOAR user accounts to reduce the risk of credential compromise.
6. Segment FortiSOAR infrastructure within the network to limit exposure and lateral movement in case of compromise.
7. Educate security operations staff about the vulnerability and encourage vigilance for suspicious activity.
8. Review and update incident response plans to incorporate potential scenarios involving information disclosure from SOAR platforms.


Technical Details

Data Version: 5.2
Assigner Short Name: fortinet
Date Reserved: 2025-09-22T08:19:21.055Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69385e4e74ebaa3baba142a6

Added to database: 12/9/2025, 5:37:18 PM

Last enriched: 12/9/2025, 5:51:35 PM

Last updated: 12/11/2025, 1:56:01 AM
